Building mod_ssl with FIPS enabled

Is there a way to build mod_ssl with FIPS enabled? If yes, what version of mod_ssl is FIPS compliant? It should support only TLS.
jainendra_singh asked:
Dave Howe, Software and Hardware Engineer, commented:
Currently, you would need to patch the mod_ssl source yourself. A suitable patch has been proposed here:

https://issues.apache.org/bugzilla/show_bug.cgi?id=46270
0
jainendra_singh (author) commented:
As per https://issues.apache.org/bugzilla/show_bug.cgi?id=46270, I am not sure where exactly we set the SSLFIPS option in mod_ssl. Also, it states that it prohibits keys generated by OpenSSL of less than 1024 bits. What if the administrator already generated the keys using 1024 bits; does that make the private key FIPS compliant?
0
Dave Howe, Software and Hardware Engineer, commented:
1) You need to patch the tree with the patch provided, then compile it yourself. At that point, you can add the flag "SSLFIPS" to the httpd.conf.

2) Yes, because a 1024 bit key is not less than 1024 bits. However, the key must *also* only use a FIPS approved algo for hashing.
0
jainendra_singh (author) commented:
Hi,

Is there a FIPS compliant version of mod_ssl available? This patch doesn't guarantee FIPS compliance; also, it is just looking at server.key... What about the CA certificates? We should allow a CA cert to be loaded by mod_ssl which is generated using a non-FIPS algorithm.

Please suggest.
0
Dave Howe, Software and Hardware Engineer, commented:
1) No, there isn't a pre-compiled FIPS mode mod_ssl - it has been proposed as a patch, but it isn't mainstream so the standard branch doesn't have it.

2) No, the patch alone doesn't guarantee FIPS compliance - it must be compiled against (and linked to) a copy of OpenSSL compiled for FIPS (not sure, but I think you can get precompiled libraries there) and enabled in the config.

3) CAs are external to the issue - they are just there to certify *your* certificate; they have no part to play in the encryption (FIPS or otherwise). As long as *your* certificate is FIPS compliant, so is the transaction. It would still be FIPS even if self-signed....
0
jainendra_singh (author) commented:

Thanks for your comments regarding #2 and #3.

#2 We are using OpenSSL version 0.9.8e and generating the RSA key using 1024 bits; does that make it FIPS compliant? Is there still a need to patch/code mod_ssl to check the key when we have enforced 1024-bit key usage?

#3 I am not sure how a web server internally handles the CA certs; now I need to ensure that the CA certs passed to the web server are FIPS compliant. Also, how do I make sure the communication that is happening is using the TLS or SSL v3.1 protocol?
0
Dave Howe, Software and Hardware Engineer, commented:
2) No. Only OpenSSL built *with the FIPS MODE BUILD FLAGS TURNED ON* is a FIPS certified module. You can use the FIPS modes and will have FIPS encryption, but you won't have a FIPS certified system unless you are using a specially built FIPS OpenSSL and are running it in FIPS mode.

Conversely though, you can use the usual "uses a FIPS certified cryptographic module" without patching Apache, provided it *is* using the FIPS version of OpenSSL.

3) CA certs aren't part of FIPS - they don't take part in the encryption; they are used by the recipient browser to verify the certificate you send. You can safely ignore them during a FIPS security review of your solution. AFAIK, there is no requirement in FIPS (which is protocol neutral) to support any particular versions of SSL/TLS, just to *not* support any hashes or encryption algos that aren't in the approved list.
0
jainendra_singh (author) commented:
Please provide a reference/document for the above statement that "CA certs aren't part of FIPS".
0
Dave Howe, Software and Hardware Engineer, commented:
There aren't any. There is just an absence of any statement that says a CA certificate *is* part of FIPS :)
0
jainendra_singh (author) commented:
Hi,

I believe it should be documented that FIPS is independent of the SSL protocol. Can I get a reference to that?

Secondly, can you please confirm that OpenSSL version 0.9.8j is the first official release for FIPS compliance, and also whether there is any document which we can refer to?

Thanks
0
jainendra_singh (author) commented:
http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html

Here it mentions that TLS cipher suites should be used for FIPS SSL.
0
Dave Howe, Software and Hardware Engineer, commented:
It's complicated. SSL in its FIPS supporting modes is required to accept only those cryptographic algos and hashes defined by FIPS - including (say) MD5 as an option "breaks" FIPS compliance, and hence that implementation of SSL is no longer acceptable.

So:

1) FIPS says nothing about protocols, just about cryptographic algos and hashes - a FIPS compliant implementation therefore contains no crypto other than FIPS crypto, and will not accept a non-encrypted alternative for anything where FIPS crypto is made available.

2) A higher level protocol (such as SSL) will be FIPS compliant if it meets the criteria for an implementation which is FIPS compliant - i.e. accepts only FIPS approved methods, and insists on the use of those methods at the approved key sizes.

3) An implementation will be FIPS compliant if and only if it is compliant in the sense above *and* contains (or is) a module which is certified FIPS compliant by a competent and approved testing lab.

Now, none of this requires that FIPS say anything about SSL - it also says nothing about PPTP, SSH, IPsec or a dozen other cryptographic protocols at the same "level" as SSL - but in order to be FIPS compliant, an implementation of SSL must (like any implementation) prove it is compliant and has been (or contains a cryptographic module that has been) tested to certify this.

Thus, the Microsoft core cryptographic engines, in their FIPS mode, are certified as a FIPS crypto module; for that reason, SQL Server (which can run in FIPS mode) does not itself have to be certified for FIPS, but can rely on the use of a module that is FIPS certified *and* on the fact that it is using it in its FIPS mode.

OK, getting back to the SSL protocol (and TLS, its modern offspring). To be FIPS compliant, it must use (and insist on) FIPS compliant algos and key sizes. To that effect, a certificate, *if it is used for encryption*, must contain a public key of approved algo and key size. If it is *not* used for encryption, the key negotiated via Server Key Exchange must satisfy the same criteria.

In common usage, the key *is* used from a certificate, and the additional info in the certificate (validity date, domain, CA signature etc.) is validated by the browser to prevent man in the middle attacks. However, that part of the sequence is independent of SSL/TLS (in fact, it is part of a different protocol called X.509) and can be omitted or deliberately bypassed if required, without affecting the security of the SSL/TLS exchange. The certificate in SSL serves *only* as a means to get the (hopefully FIPS compliant) public key to the client machine, and no other purpose (in practice, it carries a *lot* of permissions data, including a note for which purposes the use of the key is permitted).

Finally, the first release I know of with OpenSSL's FIPS mode fully integrated was 0.9.7j; earlier versions were in use by IBM and with their compilers, though.
0
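The two requirements that run through this thread, "TLS only" (the question under #3 above) and "only FIPS-approved algorithms and hashes, no MD5 or RC4" (the post just above), can be checked against an OpenSSL-backed TLS configuration before it goes into production. The following is an added example written for this page, not code from the thread, from the Apache patch, or from OpenSSL: it builds a server context with Python's standard `ssl` module, enumerates the cipher suites OpenSSL would actually offer, and flags any suite whose name contains a non-FIPS token, as well as any protocol floor that still admits SSL 3.0 or 2.0. The token list, the cipher string and the function names are this example's own assumptions; Python offers no way to restrict the TLS 1.3 suite list, so the context caps the version at TLS 1.2 to keep the ChaCha20 suite out of the negotiable set.

```python
import ssl
from typing import List

# Name fragments of suites built on algorithms outside the FIPS-approved set
# (MD5 and RC4, as the thread discusses) or offering no approved strength at
# all (NULL, EXPORT, single DES). CHACHA20 is included because it is not a
# FIPS-approved cipher either. This list is an assumption of this example,
# not taken from the patch or from any FIPS document.
NON_FIPS_TOKENS = ("MD5", "RC4", "NULL", "EXPORT", "DES-CBC-", "CHACHA20")

# OpenSSL reports, for each suite, the lowest protocol version it can be
# negotiated on; map that string onto the ssl module's version enum.
_SUITE_MIN_PROTO = {
    "SSLv3": ssl.TLSVersion.SSLv3,
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

# RSA-authenticated suites using only AES with SHA-2 or SHA-1 (assumed,
# illustrative list; a real deployment takes its list from its FIPS policy).
FIPS_STYLE_CIPHERS = (
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
    "AES256-SHA:AES128-SHA"
)


def fips_style_server_context() -> ssl.SSLContext:
    """TLS-only server context restricted to the cipher list above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # "Only TLS": nothing below TLS 1.2 is accepted (the thread asks for TLS
    # rather than SSL 3.0; 1.2 is the lowest version still reasonable to offer).
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Cap at 1.2 because the TLS 1.3 suite list cannot be narrowed from Python
    # and would otherwise include TLS_CHACHA20_POLY1305_SHA256.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(FIPS_STYLE_CIPHERS)
    return ctx


def legacy_server_context() -> ssl.SSLContext:
    """The kind of unrestricted configuration the asker wants to rule out."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Whatever the library allows, which may include SSL 3.0 on some builds.
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.set_ciphers("ALL")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1:
        findings.append("protocol floor allows SSL 3.0 or SSL 2.0")
    # MAXIMUM_SUPPORTED means "no cap", i.e. everything up to TLS 1.3.
    ceiling = ctx.maximum_version
    if ceiling == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        ceiling = ssl.TLSVersion.TLSv1_3
    for suite in ctx.get_ciphers():
        # Skip suites that cannot be negotiated within the configured range.
        lowest = _SUITE_MIN_PROTO.get(suite["protocol"], ssl.TLSVersion.TLSv1_3)
        if lowest > ceiling:
            continue
        name = suite["name"]
        if any(token in name for token in NON_FIPS_TOKENS):
            findings.append("non-FIPS cipher suite enabled: " + name)
    return findings


if __name__ == "__main__":
    for label, ctx in (("fips-style", fips_style_server_context()),
                       ("legacy", legacy_server_context())):
        result = audit_context(ctx)
        print(f"{label}: {'PASS' if not result else 'FAIL'}")
        for finding in result:
            print("  -", finding)
```

Run the file directly to see the fips-style context pass and the legacy context fail. In httpd.conf the same policy is expressed with the `SSLProtocol` and `SSLCipherSuite` directives (plus `SSLFIPS` from the patch discussed above), and the audit here only tells you what the library will negotiate; as Dave notes, it does not by itself make the deployment a FIPS certified system, which requires the FIPS-built OpenSSL module running in FIPS mode.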
Dave Howe, Software and Hardware Engineer, commented:
To put it another way - there is no statement that apples have or have not a pie requirement.

Similarly, there is no statement that pies have or have not a pie requirement.

However, to bake an apple pie, you need to make a pie that contains apples, and there are lots of consumer legislation statements that say how much apple must be in an apple pie for it to be an apple pie. That says nothing about apples as apples, or pies as pies - it is specific to apple pies.
0
Dave Howe, Software and Hardware Engineer, commented:
Bah. OK, for the second line, pretend I wrote


"similarly, there is no statement that pies have or have not an apple requirement."


and I will sit here wishing EE let you edit posts you didn't check before hitting submit :)
0
jainendra_singh (author) commented:
A
0